FBI investigators have recovered millions in cryptocurrency that was paid in ransom to hackers whose attack prompted the shutdown of the Colonial Pipeline last month, the Justice Department announced this week.
Specifically, the Justice Department said it seized $2.3 million in Bitcoins paid to individuals from an Eastern European criminal hacking group known as DarkSide.
While the recovery of the money is an important blow against hackers, cybersecurity experts have warned that extensive action must be taken to prevent further attacks.
Alan Grau, VP of IoT and Embedded Solutions at Sectigo, said, “This was the most disruptive ransomware attack on record, illustrating how cybercriminals are confident enough to attack ever-more critical targets in search of ransom fees. This brings into sharp focus just how vulnerable a nation’s critical infrastructure is to cyberattacks.”
“Whilst the Justice Department recovering $2.3 million is welcome news, the nation is yet to address the glaring security risks that led to the attack. Had this been a nation-state wanting to do damage to the cyber-physical systems controlling the pipeline, they may have been able to do so.”
“Critical infrastructure providers must harden all of their systems against cyber-attacks. The embedded devices and control systems managing critical infrastructure are not isolated from the IT systems, and attacks against IT systems can be used as a beachhead to launch further attacks against these control systems.
“Multiple levels of security, starting with strong authentication and S/MIME protection for email, provide a layer of protection against phishing attacks and other cyberattacks that are commonly used as entry points for ransomware attacks.”